Creating and editing GuardDuty log sources

See an overview of GuardDuty services that you have across all Amazon AWS accounts, see which QRadar® GuardDuty log sources are currently set up, and view or edit these log sources.

Before you begin

To modify log source information, ask your administrator to grant you the "Manage Log Sources" permission.

Procedure

  1. On the Utilities for configuring AWS services for QRadar tab, click Log Sources > GuardDuty Logs.
  2. Optional: Filter the log sources by the warnings or errors for each log source. Access the Filters sidebar by clicking the filter icon in the upper left of the view page.
  3. Click Create in the QRadar Log Source column, complete the parameters, and click Submit.
  4. Optional: To edit a log source, click the link of the log source name in the QRadar Log Source column, click Edit, and complete the configuration window that opens. Click Submit when you're finished.
  5. Optional: To delete a log source, click the link of the log source name in the QRadar Log Source column, and then click Delete in the Log Source Summary.
    You cannot undo the action.